Nelson B. Bolyard wrote: > "ingo.kappler" wrote: >> >> Nelson B. Bolyard wrote: >> >> > Ingo Kappler wrote: >> >> >> >> For secure mail connections I use a selfsigned certificate on the >> >> server, >> > >> > You mentioned imaps and pop3s in the subject. Did you mean imaps and >> > smtps? AFAIK, mozilla doesn't do pop3 over SSL, but does do imaps and >> > smtps. >> >> Sorry, I don't know if I know everything right. But when I spoke from >> pop3s and imaps I ment the entrances in /etc/inetd.conf. >> >> ie: >> # pop3 stream tcp nowait root /usr/sbin/tcpd /usr/sbin/ipop3d >> pop3s stream tcp nowait root /usr/sbin/ipop3d /usr/sbin/ipop3d >> # >> # stream tcp nowait root /usr/sbin/tcpd /usr/sbin/imapd >> imaps stream tcp nowait root /usr/sbin/imapd /usr/sbin/imapd >> >> Maybe pop3s uses smtps? > > No. IMAP and POP3 are two different protocols by which a Mail User Agent > (MUA) (a program like moz or N6 or kmail) fetches email messages that have > reached their destination Mail Transfer Agent (MTA, a server). SMTP is > the > protocol by which email is sent to an MTA. So, your MUA sends email via > SMTP and receives it by either POP3 or IMAP. The letter S after any of > those acronyms means "secure" or "over SSL". > > SMTPS is done over the same TCP port as SMTP, so it doesn't have a > separate entry from SMTP in /etc/services, AFAIK. > > I just learned that POP3S support was added to mozilla in N6.2, so I was > mistaken when I said that mozilla doesn't support it.
I could have known, that smtp means sending. But I was a bit confused, sorry. > So, here are some questions for you: > > 1. Does the problem you reported (error -8182) happen when sending email > or when receiving email? Only when receiving. I don't use smtps for sending. > 2. When you used N6.2, were you receiving your email with IMAPS? or POP3S? > (or maybe just IMAP or POP3) ?? With both secure versions (IMAPS and POP3S). > 3. When you try to use N7 or moz1.0, is it configured exactly the same as > N6.2 (I mean, both are using IMAPS or both are using POP3S or ...) The Server only allows the secure versions for receiving. There is no possibility to receive mail without ssl. I'm not sure if I have tested both versions (IMAPS and POP3S), but one of both for sure doesn't do the job. > 4. Is your SMTP server also configured to use SSL? No. > 5. Is your N6.2 configured to always use SSL when sending email? No. On some machines it is configured to use the most secure way, because I was thinking of using SMTPS in future. But now sending is not the problem. > 6. Is your N7 (or moz1.0) configured the same as your N6.2 (both always > use SSL, or both never use SSL, or ...) It can only work if both use SSL, see above. >> >> created with openssl. It works for my needs with netscape 6.2 and >> >> kmail and other programs, except mozilla 1.0 and netscape 7. >> >> >> >> I get an error message saying it couldn`t establish a secure >> >> connection for the cert might be destroyed or not usable with >> >> error-code -8182. > >> > The version of NSS used by PSM in mozilla has changed, for one thing. >> > There have also been numerous other changes in PSM. PSM's error >> > handling UI for SSL has changed. > > I'm still trying to find out if any of those changes are relevant to your > situation. > > You'll have to check the configuration of your own N6 and N7 clients to > see > if they're using POP3S or IMAPS. There's no way for me to tell. They are using POP3S and IMAPS. >> > Without a copy of your cert, I can only conjecture about the cause. >> > Please file a bug against PSM in bugzilla and attach your server cert >> > to it. Please be sure to explain exactly how you were using the cert, >> > both in earlier versions of mozilla that worked and in the versions >> > that failed. >> >> There is no change on my side. > > Well, you have changed between N6 and N7, and there are differences of > configuration between them. You may, for example, have marked that cert > in N6 as a trusted server cert, but may not have marked it similarly for > N7. If the cert is not known, AFAIK netscape normaly asks to mark it trusted or not. N7 and M1 are not getting so far. The error appears before. >> > If you could make your server available to us for testing that might >> > also help. We would not need an actual account on the server for >> > testing purposes, I believe. >> >> It's the first time I get asked to fill up a bug report. Ok, I will look >> how to do it. But what have I exactly to do, to make testing possible for >> you? If needed I could give you a mail account too. > > Once you know the answers to the questions I asked above, you can just > email the answers to me, along with the hostname of your mail server > system, and I can play with it. I don't need an account, but I do need > to be able to connect to the system.. I send you a mail with the hostname separatly. >> Are You interested in the way how I created the certificate? I just could >> post it too. > > If I can connect to your server, I can get the cert myself. I mail you the cert too. >> Thank-you for your answer. >> >> >> Thanks Ingo >> > >> > -- >> > Nelson Bolyard >> > Disclaimer: I speak for myself, not for Netscape > > > -- > Nelson Bolyard > Disclaimer: I speak for myself, not for Netscape
